VulnCheck KEV: CVE-2016-15057
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...
openSUSE 16 Security Update : go1.25 (openSUSE-SU-2026:20085-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20085-1 advisory. Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the...
CVE-2026-23009
CVE-2026-23009 is a Linux kernel vulnerability in the xHCI sideband code where xhci_sideband_remove_endpoint() could dereference a non-existent transfer ring (ep->ring) during suspend/resume or re-enumeration, risking a crash. The fix adds a guard to only dereference ep->ring if it exists a...
PT-2026-4671
In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during...
AZL-78455 CVE-2026-22979 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_segment_list for GRO packets When skb_segment_list is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skb_segment_list...
UBUNTU-CVE-2026-22979
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_segment_list for GRO packets When skb_segment_list is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skb_segment_list...
CVE-2026-22979
CVE-2026-22979 is a Linux kernel vulnerability affecting memory accounting for GRO-fragmented SKBs. The issue arose because skb_segment_list() continued to add each fragment’s truesize to delta_truesize while subtracting it from the parent SKB, even though fragments are no longer charged to the s...
CVE-2026-22979 net: fix memory leak in skb_segment_list for GRO packets
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in skb_segment_list for GRO packets When skb_segment_list is called during packet forwarding, it handles packets that were aggregated by the GRO engine. Historically, the segmentation logic in skb_segment_list...
[SECURITY] Fedora 43 Update: vsftpd-3.0.5-14.fc43
vsftpd is a Very Secure FTP daemon. It was written completely from scratch...
TrojanGYM: A Detector-In-The-Loop LLM for Adaptive RTL Hardware Trojan Insertion
Hardware Trojans (HTs) remain a critical threat because learning-based detectors often overfit to narrow trigger/payload patterns and small, stylized benchmarks. We introduce TrojanGYM, an agentic, LLM-driven framework that automatically curates HT insertions to expose detector blind spots while...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004929)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004929 advisory. When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004924)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004924 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: Use kvmalloc/kvfree for larger packets. When copying a large file over sftp over...
Lighttpd 1.4.66 Resource Leak Denial of Service
Lighttpd versions 1.4.56 through 1.4.66 have a resource exhaustion vulnerability affecting gateway backends such as FastCGI. When handling an HTTP/1.1 request with chunked transfer encoding and request-body streaming enabled, lighttpd mishandles an anomalous client disconnect RDHUP / half-closed T...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004933)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004933 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl...
Linux Distros Unpatched Vulnerability : CVE-2026-22979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: fix memory leak in skb_segment_list for GRO packets When skb_segment_list is called during packet forwarding, it handles packets that were aggregated by the GR...
SUSE-SU-2026:0219-1 Security update for go1.24
This update for go1.24 fixes the following issues: Update to go1.24.12 released 2026-01-15 bsc1236217 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. - CVE-2025-68119: cmd/go: unexpected code execution when invoking...
Improper Access Control
Pterodactyl is vulnerable to Improper Access Control. The vulnerability is due to failure to revoke active SFTP sessions when user permissions are removed or modified, which allows an attacker with an existing SFTP connection to retain unauthorized file access after their privileges are revoked...
Azure Linux 3.0 Security Update: kernel (CVE-2024-36930)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36930 advisory. - In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within...
Oracle Business Process Management Suite (14.1.2.0.0) (January 2026 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the January 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commo...
ROS-20260122-73-0025
Vulnerability in httpd related to information disclosure during data transfer. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...